Power analysis poses a significant threat to the security of cryptographic implementations, as it can be leveraged to recover secret keys. While various software-based countermeasures exist to mitigate this non-invasive attack, they typically trade execution time against memory. Techniques such as masking and shuffling, while effective, noticeably slow execution and rely heavily on run-time random number generators. By contrast, internally encoded implementations of block ciphers offer an alternative that needs no run-time random source, at the cost of substantial memory for lookup tables. Internal encoding, commonly employed in white-box cryptography, has a known security limitation: it does not effectively protect the secret key against statistical analysis. To overcome this weakness, this paper introduces a secure internal encoding method for an AES implementation. By addressing the root cause of the vulnerabilities found in previous encoding methods, we propose a balanced encoding technique that aims to minimize the problematic correlation between the encoded values and key-dependent intermediate values. We analyze the potential weaknesses associated with the balanced encoding and present a method that utilizes complementary sets of lookup tables. In this approach, the size of the lookup tables is approximately 512KB, and the number of table lookups is 1,024. This is comparable to the table size of non-protected white-box AES-128 implementations, while requiring only half the number of lookups. By adopting this method, our aim is to introduce a non-masking technique that mitigates the vulnerability to statistical analysis present in current internally-encoded AES implementations.